
Re: Fwd: New Version Notification for draft-snell-httpbis-keynego-01.txt

From: James M Snell <jasnell@gmail.com>
Date: Tue, 19 Nov 2013 17:04:42 -0800
Message-ID: <CABP7RbdO3dty_w_Uxt+z8gP+XKafE8o1gNMcUS+rJzOFGCL9QA@mail.gmail.com>
To: Roberto Peon <grmocg@gmail.com>
Cc: ietf-http-wg@w3.org, Ilari Liusvaara <ilari.liusvaara@elisanet.fi>, Poul-Henning Kamp <phk@phk.freebsd.dk>

You're absolutely right that integrity checking needs to be built into
this.  Exactly how that happens is still up in the air.  A few months ago
at the face-to-face in SF I mentioned the need for fail-fast-able
incremental integrity checking.  I still want that.

On Nov 19, 2013 4:57 PM, "Roberto Peon" <grmocg@gmail.com> wrote:

> The distinct and important difference is that at least one party would be
> able to figure out that something odd is happening when integrity is
> available, where it is much more difficult when integrity isn't present.
> -=R
>
>
> On Tue, Nov 19, 2013 at 4:43 PM, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
>
>> In message <CAP+FsNdjAVz8T3Dr895kwiZrnQv18YDJb1zyGECLZ-ct_EdXUg@mail.gmail.com>,
>> Roberto Peon writes:
>>
>> >The bigger problem is that the proxy might prevent the negotiation from
>> >occurring.
>>
>> ...In which case it is very likely also blocking any attempt to avoid
>> using the proxy, so your end-to-end attempt is not going to work either.
>>
>> Or if it works, it's probably on a trojaned cert.
>>
>> --
>> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
>> phk@FreeBSD.ORG         | TCP/IP since RFC 956
>> FreeBSD committer       | BSD since 4.3-tahoe
>> Never attribute to malice what can adequately be explained by
>> incompetence.
>>
>
>
Received on Wednesday, 20 November 2013 01:05:10 UTC